For the real time monitor, if you switch from WAN to LAN, you can see who is doing spikes. For the other items, you can see how much bandwidth each internal IP addresses has used in one of those packages. Unless you have servers in a DMZ outside of the firewall or are doing some sort of traffic reflection to internal hosts, all traffic to/from a desktop to the firewall is traffic to the internet.
I might do some screenshots to show what I mean (if I can find the time). For netflow, I setup a Windows application in a VM (from ManageEngine I think). It had simple instructions to tell the netflow generator (the firewall) to send the stats traffic to the Windows box. Then I used the the reporting features in the application to view how much data each host was sending/receiving. I was able to tell that one web server had way to much traffic and that a music streaming server was running 800% of normal. I understand that there are open source versions of this program that run on Linux/FreeBSD. Setting one of these up is on my todo list. With a bit of programming, I'm sure you do this with Cacti/RRD, but then again, I've been a perl programmer for 20 years, so my idea of a "bit of programming" might radically differ from yours :) If I can find the time, I'll see if I can find any notes. Walter On Mon, Feb 16, 2015 at 2:58 PM, Volker Kuhlmann <list0...@paradise.net.nz> wrote: > On Tue 17 Feb 2015 10:33:21 NZDT +1300, Walter Parker wrote: > > > In Realtime, you can use the dashboard app. > > The pfsense dashboard? I don't think so. traffic going through a > particular interface is not so interesting. > > > For plugins, BandwidthD and Darkstat have some information. > > Unfortuntely the info is of no value. I am not interested in any traffic > volume between LAN, DMZ, WIFI, LAN2, etc. I am only interested in the > traffic going through WAN, and with which *internal* host. The above > packages can only tell me which *Internet* sites had how much traffic > through WAN, but that side of the connection is of no interest to me. I > want to know which of my clients have created the traffic for which I > have to pay my ISP, so I can work out which flatmate has to pay for it, > or fix the computer with a problem that wastes my money. > > I realise those in the USA and a few other countries don't have this > problem, but it sure exists where I live and I'm sure it's not the only > country. In any case it's good to know what gobbles up resources, even > if they're free. > > > I've used netflow on other systems to get this sort of information, but > for > > pfSense you would have to setup a second box that ran the netflow > > visualizer to see the traffic information from one of the netflow > plugins. > > Copying a file onto another computer to look at its content isn't too > much of a problem. Do you know of a good tutorial that lists the > software needed, and basic config for each part? > > Thanks, > > Volker > > -- > Volker Kuhlmann > http://volker.top.geek.nz/ Please do not CC list postings to me. > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis
_______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
